Rapid7 Vulnerability & Exploit Database

Cisco NX-OS: CVE-2020-3454: Cisco NX-OS Software Call Home Command Injection Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Cisco NX-OS: CVE-2020-3454: Cisco NX-OS Software Call Home Command Injection Vulnerability

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
08/27/2020
Created
08/28/2020
Added
08/27/2020
Modified
04/08/2024

Description

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS.

Solution(s)

  • update-nxos

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;